cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

DASHBOARD-SANDBLAST NETWORK & MOBILE

I am new comer with the Checkpoint solution and I worked on the Cisco solution and we had a POC for the Sandblast Network and the customer wants to make sure of certain points, so I allow myself to ask for your help given your experience feedback.
The client's infrastructure is local with 1300 Users and in his network they have a fortigate in front + fortimail. And
1-There is a way to integrate the SandBlast Mobile Dashboard in the same management console for Network and Endoint if the customer wants also the SandBlast Mobile.
2- This Fortigate and Check Point Appliance would work together.

Thanks for your answers

Yanick DJINZOU

2 Replies

Re: DASHBOARD-SANDBLAST NETWORK & MOBILE

As far as #1 goes, the Dashboard for SandBlast Mobile is not managed centrally with the SandBlast Network components. The Mobile component is managed via a WebUI with the management living in Check Point's Cloud. 

You can, however, manage the SandBlast Network components and Endpoint components under the same Management Application (SmartConsole). Depending on your implementation goals, it might be beneficial to separate those management roles to two different servers. But, I would recommend having that conversation with whoever is assisting you with the POC.

As far as #2, how do you plan on implementing the Check Point appliance? Would it be inserted as an extra L3 hop in between the Fortinet and your users? Or were you planning on using it in Bridge mode? Others can chime in, but I'd generally advise against using Bridge mode unless you have no other choice. There are a lot of restrictions & performance issues that can result from being in that mode.

Assuming the CP appliance is sitting as a routed hop in between the Fortinet and your internal network, the SandBlast Network components should work fine. In terms of integrating with FortiMail, you will want to enable MTA on the CP Appliance and insert the CP as another MTA hop before the mail gets handed off to your internal E-Mail servers. This will allow you to run full the full suite of SandBlast mail protections. 

I'm far from a FortiNet expert, so I am speaking in fairly generic terms here, but hope that helps answer some of your questions!

Re: DASHBOARD-SANDBLAST NETWORK & MOBILE

Thanks to you Daniel